HQRT: A Hybrid Quantum-Resistant Resumption Framework for Zero-RTT TLS 1.3 Early Data Security

Abstract

TLS 1.3 zero-round-trip-time (0-RTT) resumption reduces reconnection latency by allowing clients to transmit early application data using pre-shared keys (PSK) derived from previously established session tickets. This mechanism is pivotal for latency-sensitive web services, API gateways, and IoT applications. However, the cryptographic foundations of current session tickets—symmetric keys derived from classical X25519 key exchange—are fundamentally vulnerable to Harvest-Now-Decrypt-Later (HNDL) quantum attacks: an adversary capturing session ticket exchanges today can retroactively decrypt PSKs and all 0-RTT early data once a cryptographically relevant quantum computer (CRQC) becomes available. This paper introduces HQRT (Hybrid Quantum-Resistant Resumption for TLS 1.3), a protocol-level framework that embeds a hybrid X25519 + ML-KEM-768 key encapsulation into the TLS 1.3 NewSessionTicket lifecycle, producing quantum-safe session tickets without additional handshake round trips. HQRT defines a Hybrid Resumption Master Secret (HRMS) derived from both classical and post-quantum shared secrets and integrates it into the TLS 1.3 key schedule as a drop-in extension of the Resumption Master Secret. We provide: (i) a formal security model for quantum-safe 0-RTT resumption with game-based HNDL-resistance proofs; (ii) an extended replay protection analysis under quantum adversaries; (iii) a proof-of-concept implementation on OpenSSL 3.x with the OQS provider; and (iv) comprehensive benchmarks across server, desktop, and IoT platforms demonstrating only 4–9% latency overhead and 6.5% throughput reduction relative to classical 0-RTT, versus the 81–89% overhead of full post-quantum handshakes. A cumulative cost-benefit analysis over multi-session workloads demonstrates 34–97% amortised overhead reduction compared to per-reconnection PQC handshakes, with latency distributions exhibiting sub-millisecond tail divergence from classical baselines. 
HQRT provides a practical, incrementally deployable pathway for quantum-safe TLS resumption compatible with existing certificate infrastructure.
